Examining the Risk Factors for Hospital Ransomware Attacks: A Qualitative Study

Ransomware attacks have started to affect the hospital industry and cause major disruptions in operations. There are at least five successful ransomware attacks that have affected hospitals. The only way they were able to regain access to their systems were to submit payment via bitcoin to the entity that conveyed the ransom or recover their systems from backups. In this study, we identified risk factors from published reports for hospital ransomware attacks. This study employed a qualitative review of published news articles and reports that discussed the events of the ransomware attacks. This exploratory method is appropriate for new and emerging topics and used to compare written text to established guidelines or models. We used the NIST Cyber Security Framework to code content and analyze information from journal articles, memos, blogs, research studies and white papers that contained information reported by the hospitals. Hospitals and media reports were not transparent in reporting detailed information surrounding the events of ransomware attacks. Overall, study results demonstrate that there are risk factors for hospitals to become targets for ransomware attacks